﻿using System;
using System.Data;
using System.Configuration;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Text.RegularExpressions;

namespace tmAsk.Common
{
    public class Urlregex
    {
        public Urlregex()
        {
            //
            //TODO: 在此处添加构造函数逻辑
            //
        }

        public static void Page_int()
        {
            tmAsk.Data.MakehtmlSQL SQL = new tmAsk.Data.MakehtmlSQL();
            DataTable rs = SQL.GetList("select R_url,R_rule from B_regex").Tables[0];

            string regurl = "";
            string Newurl = "";

            if (rs.Rows.Count > 0)
            {
                for (int i = 0; i < rs.Rows.Count; i++)
                {
                    regurl += @rs.Rows[i]["R_rule"].ToString() + ",";
                    Newurl += @rs.Rows[i]["R_url"].ToString() + ",";
                }
            }

            string[] comeulr = regurl.Split(',');
            string[] inurl = Newurl.Split(',');

            string[] comurlparm = HttpContext.Current.Request.Url.ToString().Split('?');
            string urlparm = "";
            if (comurlparm.Length > 1)
            {
                urlparm = comurlparm[1];
            }
            for (int i = 0; i < comeulr.Length - 1; i++)
            {
                string oldString = comeulr[i];
                string newString = inurl[i];

                //HttpContext.Current.Response.Write(oldString);
                Regex oReg = new Regex(oldString);
                if (oReg.IsMatch(urlparm))
                {
                    string ReWriteUrl = oReg.Replace(HttpContext.Current.Request.Url.ToString(), newString);
                    HttpContext.Current.RewritePath(ReWriteUrl);
                }
                oReg = null;
            }

        }

        public static void Checksql()
        {
            //SQL防注入 
            string Sql_1 = "net user|@a|'|/add|exec%20master.dbo.xp_cmdshell|net localgroup administrators|select|count|asc|char|mid|cscript.exe|declare|insert|delete|drop|truncate|wscript.shell|script|system32|CmdShell|sysadmin|serveradmin|setupadmin|securityadmin|diskadmin|bulkadmin|exec master.dbo.sp_addlogin|exec master.dbo.sp_password|exec master.dbo.sp_addsrvrolemember|create|exec xp_reg|backup|net localgroup administrators|Asc|+dir+|drop table|exec master.dbo.sp_addextendedproc|master.dbo.sysobjects|master.dbo.xp_regwrite|master.dbo.sysdatabases|DECLARE|EXEC sp_oacreate|EXEC sp_oamethod|xp_|Sp_|%2B|Sp_OAGetErrorInfo|Sp_OAGetProperty|Sp_OAMethod|Sp_OASetProperty|Sp_OAStop|Xp_regaddmultistring|Xp_regdeletekey|Xp_regdeletevalue|Xp_regenumvalues|Xp_regread|Xp_regremovemultistring|Xp_regwrite|insert into";
            string[] sql_c = Sql_1.Split('|');

            if (HttpContext.Current.Request.QueryString != null)
            {
                foreach (string sl in sql_c)
                {
                    if (HttpContext.Current.Request.QueryString.ToString().IndexOf(sl.Trim()) >= 0)
                    {
                        HttpContext.Current.Response.Redirect("/");// 
                        HttpContext.Current.Response.End();
                        break;
                    }
                }
            }

            if (HttpContext.Current.Request.Form.Count > 0)
            {
                foreach (string sl in sql_c)
                {
                    if (HttpContext.Current.Request.QueryString.ToString().IndexOf(sl.Trim()) >= 0)
                    {
                        HttpContext.Current.Response.Redirect("/");// 
                        HttpContext.Current.Response.End();
                        break;
                    }
                }
            }
        }
    }
}
